1 /* SPDX-License-Identifier: LGPL-2.1+ */
7 #include "ask-password-api.h"
8 #include "errno-util.h"
9 #include "format-table.h"
10 #include "hexdecoct.h"
11 #include "homectl-fido2.h"
12 #include "homectl-pkcs11.h"
13 #include "libcrypt-util.h"
14 #include "locale-util.h"
15 #include "memory-util.h"
16 #include "random-util.h"
20 static int add_fido2_credential_id(
25 _cleanup_(json_variant_unrefp
) JsonVariant
*w
= NULL
;
26 _cleanup_strv_free_
char **l
= NULL
;
27 _cleanup_free_
char *escaped
= NULL
;
33 r
= base64mem(cid
, cid_size
, &escaped
);
35 return log_error_errno(r
, "Failed to base64 encode FIDO2 credential ID: %m");
37 w
= json_variant_ref(json_variant_by_key(*v
, "fido2HmacCredential"));
39 r
= json_variant_strv(w
, &l
);
41 return log_error_errno(r
, "Failed to parse FIDO2 credential ID list: %m");
43 if (strv_contains(l
, escaped
))
47 r
= strv_extend(&l
, escaped
);
51 w
= json_variant_unref(w
);
52 r
= json_variant_new_array_strv(&w
, l
);
54 return log_error_errno(r
, "Failed to create FIDO2 credential ID JSON: %m");
56 r
= json_variant_set_field(v
, "fido2HmacCredential", w
);
58 return log_error_errno(r
, "Failed to update FIDO2 credential ID: %m");
63 static int add_fido2_salt(
67 const void *fido2_salt
,
68 size_t fido2_salt_size
,
72 _cleanup_(json_variant_unrefp
) JsonVariant
*l
= NULL
, *w
= NULL
, *e
= NULL
;
73 _cleanup_(erase_and_freep
) char *base64_encoded
= NULL
;
74 _cleanup_free_
char *unix_salt
= NULL
;
75 struct crypt_data cd
= {};
79 r
= make_salt(&unix_salt
);
81 return log_error_errno(r
, "Failed to generate salt: %m");
83 /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
84 * expect a NUL terminated string, and we use a binary key */
85 r
= base64mem(secret
, secret_size
, &base64_encoded
);
87 return log_error_errno(r
, "Failed to base64 encode secret key: %m");
90 k
= crypt_r(base64_encoded
, unix_salt
, &cd
);
92 return log_error_errno(errno_or_else(EINVAL
), "Failed to UNIX hash secret key: %m");
94 r
= json_build(&e
, JSON_BUILD_OBJECT(
95 JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid
, cid_size
)),
96 JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt
, fido2_salt_size
)),
97 JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(k
))));
99 return log_error_errno(r
, "Failed to build FIDO2 salt JSON key object: %m");
101 w
= json_variant_ref(json_variant_by_key(*v
, "privileged"));
102 l
= json_variant_ref(json_variant_by_key(w
, "fido2HmacSalt"));
104 r
= json_variant_append_array(&l
, e
);
106 return log_error_errno(r
, "Failed append FIDO2 salt: %m");
108 r
= json_variant_set_field(&w
, "fido2HmacSalt", l
);
110 return log_error_errno(r
, "Failed to set FDO2 salt: %m");
112 r
= json_variant_set_field(v
, "privileged", w
);
114 return log_error_errno(r
, "Failed to update privileged field: %m");
120 #define FIDO2_SALT_SIZE 32
122 int identity_add_fido2_parameters(
124 const char *device
) {
127 _cleanup_(fido_cbor_info_free
) fido_cbor_info_t
*di
= NULL
;
128 _cleanup_(fido_assert_free
) fido_assert_t
*a
= NULL
;
129 _cleanup_(erase_and_freep
) char *used_pin
= NULL
;
130 _cleanup_(fido_cred_free
) fido_cred_t
*c
= NULL
;
131 _cleanup_(fido_dev_free
) fido_dev_t
*d
= NULL
;
132 _cleanup_(erase_and_freep
) void *salt
= NULL
;
133 JsonVariant
*un
, *realm
, *rn
;
134 bool found_extension
= false;
135 const void *cid
, *secret
;
137 size_t n
, cid_size
, secret_size
;
141 /* Construction is like this: we generate a salt of 32 bytes. We then ask the FIDO2 device to
142 * HMAC-SHA256 it for us with its internal key. The result is the key used by LUKS and account
143 * authentication. LUKS and UNIX password auth all do their own salting before hashing, so that FIDO2
144 * device never sees the volume key.
146 * S = HMAC-SHA256(I, D)
148 * with: S → LUKS/account authentication key (never stored)
149 * I → internal key on FIDO2 device (stored in the FIDO2 device)
150 * D → salt we generate here (stored in the privileged part of the JSON record)
157 salt
= malloc(FIDO2_SALT_SIZE
);
161 r
= genuine_random_bytes(salt
, FIDO2_SALT_SIZE
, RANDOM_BLOCK
);
163 return log_error_errno(r
, "Failed to generate salt: %m");
169 r
= fido_dev_open(d
, device
);
171 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
172 "Failed to open FIDO2 device %s: %s", device
, fido_strerr(r
));
174 if (!fido_dev_is_fido2(d
))
175 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
),
176 "Specified device %s is not a FIDO2 device.", device
);
178 di
= fido_cbor_info_new();
182 r
= fido_dev_get_cbor_info(d
, di
);
184 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
185 "Failed to get CBOR device info for %s: %s", device
, fido_strerr(r
));
187 e
= fido_cbor_info_extensions_ptr(di
);
188 n
= fido_cbor_info_extensions_len(di
);
190 for (size_t i
= 0; i
< n
; i
++)
191 if (streq(e
[i
], "hmac-secret")) {
192 found_extension
= true;
196 if (!found_extension
)
197 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
),
198 "Specified device %s is a FIDO2 device, but does not support the required HMAC-SECRET extension.", device
);
204 r
= fido_cred_set_extensions(c
, FIDO_EXT_HMAC_SECRET
);
206 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
207 "Failed to enable HMAC-SECRET extension on FIDO2 credential: %s", fido_strerr(r
));
209 r
= fido_cred_set_rp(c
, "io.systemd.home", "Home Directory");
211 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
212 "Failed to set FIDO2 credential relying party ID/name: %s", fido_strerr(r
));
214 r
= fido_cred_set_type(c
, COSE_ES256
);
216 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
217 "Failed to set FIDO2 credential type to ES256: %s", fido_strerr(r
));
219 un
= json_variant_by_key(*v
, "userName");
221 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
222 "userName field of user record is missing");
223 if (!json_variant_is_string(un
))
224 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
225 "userName field of user record is not a string");
227 realm
= json_variant_by_key(*v
, "realm");
229 if (!json_variant_is_string(realm
))
230 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
231 "realm field of user record is not a string");
233 fido_un
= strjoina(json_variant_string(un
), json_variant_string(realm
));
235 fido_un
= json_variant_string(un
);
237 rn
= json_variant_by_key(*v
, "realName");
238 if (rn
&& !json_variant_is_string(rn
))
239 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
240 "realName field of user record is not a string");
242 r
= fido_cred_set_user(c
,
243 (const unsigned char*) fido_un
, strlen(fido_un
), /* We pass the user ID and name as the same */
245 rn
? json_variant_string(rn
) : NULL
,
246 NULL
/* icon URL */);
248 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
249 "Failed to set FIDO2 credential user data: %s", fido_strerr(r
));
251 r
= fido_cred_set_clientdata_hash(c
, (const unsigned char[32]) {}, 32);
253 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
254 "Failed to set FIDO2 client data hash: %s", fido_strerr(r
));
256 r
= fido_cred_set_rk(c
, FIDO_OPT_FALSE
);
258 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
259 "Failed to turn off FIDO2 resident key option of credential: %s", fido_strerr(r
));
261 r
= fido_cred_set_uv(c
, FIDO_OPT_FALSE
);
263 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
264 "Failed to turn off FIDO2 user verification option of credential: %s", fido_strerr(r
));
266 log_info("Initializing FIDO2 credential on security token.");
268 log_notice("%s%s(Hint: This might require verification of user presence on security token.)",
269 emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH
) : "",
270 emoji_enabled() ? " " : "");
272 r
= fido_dev_make_cred(d
, c
, NULL
);
273 if (r
== FIDO_ERR_PIN_REQUIRED
) {
274 _cleanup_free_
char *text
= NULL
;
276 if (asprintf(&text
, "Please enter security token PIN:") < 0)
280 _cleanup_(strv_free_erasep
) char **pin
= NULL
;
283 r
= ask_password_auto(text
, "user-home", NULL
, "fido2-pin", USEC_INFINITY
, 0, &pin
);
285 return log_error_errno(r
, "Failed to acquire user PIN: %m");
287 r
= FIDO_ERR_PIN_INVALID
;
288 STRV_FOREACH(i
, pin
) {
290 log_info("PIN may not be empty.");
294 r
= fido_dev_make_cred(d
, c
, *i
);
296 used_pin
= strdup(*i
);
301 if (r
!= FIDO_ERR_PIN_INVALID
)
305 if (r
!= FIDO_ERR_PIN_INVALID
)
308 log_notice("PIN incorrect, please try again.");
311 if (r
== FIDO_ERR_PIN_AUTH_BLOCKED
)
312 return log_notice_errno(SYNTHETIC_ERRNO(EPERM
),
313 "Token PIN is currently blocked, please remove and reinsert token.");
314 if (r
== FIDO_ERR_ACTION_TIMEOUT
)
315 return log_error_errno(SYNTHETIC_ERRNO(ENOSTR
),
316 "Token action timeout. (User didn't interact with token quickly enough.)");
318 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
319 "Failed to generate FIDO2 credential: %s", fido_strerr(r
));
321 cid
= fido_cred_id_ptr(c
);
323 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to get FIDO2 credential ID.");
325 cid_size
= fido_cred_id_len(c
);
327 a
= fido_assert_new();
331 r
= fido_assert_set_extensions(a
, FIDO_EXT_HMAC_SECRET
);
333 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
334 "Failed to enable HMAC-SECRET extension on FIDO2 assertion: %s", fido_strerr(r
));
336 r
= fido_assert_set_hmac_salt(a
, salt
, FIDO2_SALT_SIZE
);
338 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
339 "Failed to set salt on FIDO2 assertion: %s", fido_strerr(r
));
341 r
= fido_assert_set_rp(a
, "io.systemd.home");
343 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
344 "Failed to set FIDO2 assertion ID: %s", fido_strerr(r
));
346 r
= fido_assert_set_clientdata_hash(a
, (const unsigned char[32]) {}, 32);
348 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
349 "Failed to set FIDO2 assertion client data hash: %s", fido_strerr(r
));
351 r
= fido_assert_allow_cred(a
, cid
, cid_size
);
353 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
354 "Failed to add FIDO2 assertion credential ID: %s", fido_strerr(r
));
356 r
= fido_assert_set_up(a
, FIDO_OPT_FALSE
);
358 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
359 "Failed to turn off FIDO2 assertion user presence: %s", fido_strerr(r
));
361 log_info("Generating secret key on FIDO2 security token.");
363 r
= fido_dev_get_assert(d
, a
, used_pin
);
364 if (r
== FIDO_ERR_UP_REQUIRED
) {
365 r
= fido_assert_set_up(a
, FIDO_OPT_TRUE
);
367 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
368 "Failed to turn on FIDO2 assertion user presence: %s", fido_strerr(r
));
370 log_notice("%s%sIn order to allow secret key generation, please verify presence on security token.",
371 emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH
) : "",
372 emoji_enabled() ? " " : "");
374 r
= fido_dev_get_assert(d
, a
, used_pin
);
376 if (r
== FIDO_ERR_ACTION_TIMEOUT
)
377 return log_error_errno(SYNTHETIC_ERRNO(ENOSTR
),
378 "Token action timeout. (User didn't interact with token quickly enough.)");
380 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
381 "Failed to ask token for assertion: %s", fido_strerr(r
));
383 secret
= fido_assert_hmac_secret_ptr(a
, 0);
385 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to retrieve HMAC secret.");
387 secret_size
= fido_assert_hmac_secret_len(a
, 0);
389 r
= add_fido2_credential_id(v
, cid
, cid_size
);
393 r
= add_fido2_salt(v
,
403 /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
404 * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
406 r
= identity_add_token_pin(v
, used_pin
);
412 return log_error_errno(EOPNOTSUPP
, "FIDO2 tokens not supported on this build.");
416 int list_fido2_devices(void) {
418 _cleanup_(table_unrefp
) Table
*t
= NULL
;
419 size_t allocated
= 64, found
= 0;
420 fido_dev_info_t
*di
= NULL
;
423 di
= fido_dev_info_new(allocated
);
427 r
= fido_dev_info_manifest(di
, allocated
, &found
);
428 if (r
== FIDO_ERR_INTERNAL
|| (r
== FIDO_OK
&& found
== 0)) {
429 /* The library returns FIDO_ERR_INTERNAL when no devices are found. I wish it wouldn't. */
430 log_info("No FIDO2 devices found.");
435 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to enumerate FIDO2 devices: %s", fido_strerr(r
));
439 t
= table_new("path", "manufacturer", "product");
445 for (size_t i
= 0; i
< found
; i
++) {
446 const fido_dev_info_t
*entry
;
448 entry
= fido_dev_info_ptr(di
, i
);
450 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
451 "Failed to get device information for FIDO device %zu.", i
);
457 TABLE_PATH
, fido_dev_info_path(entry
),
458 TABLE_STRING
, fido_dev_info_manufacturer_string(entry
),
459 TABLE_STRING
, fido_dev_info_product_string(entry
));
461 table_log_add_error(r
);
466 r
= table_print(t
, stdout
);
468 log_error_errno(r
, "Failed to show device table: %m");
475 fido_dev_info_free(&di
, allocated
);
478 return log_error_errno(EOPNOTSUPP
, "FIDO2 tokens not supported on this build.");
482 int find_fido2_auto(char **ret
) {
484 _cleanup_free_
char *copy
= NULL
;
485 size_t di_size
= 64, found
= 0;
486 const fido_dev_info_t
*entry
;
487 fido_dev_info_t
*di
= NULL
;
491 di
= fido_dev_info_new(di_size
);
495 r
= fido_dev_info_manifest(di
, di_size
, &found
);
496 if (r
== FIDO_ERR_INTERNAL
|| (r
== FIDO_OK
&& found
== 0)) {
497 /* The library returns FIDO_ERR_INTERNAL when no devices are found. I wish it wouldn't. */
498 r
= log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "No FIDO2 devices found.");
502 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to enumerate FIDO2 devices: %s", fido_strerr(r
));
506 r
= log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ
), "More than one FIDO2 device found.");
510 entry
= fido_dev_info_ptr(di
, 0);
512 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
513 "Failed to get device information for FIDO device 0.");
517 path
= fido_dev_info_path(entry
);
519 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
520 "Failed to query FIDO device path.");
530 *ret
= TAKE_PTR(copy
);
534 fido_dev_info_free(&di
, di_size
);
537 return log_error_errno(EOPNOTSUPP
, "FIDO2 tokens not supported on this build.");